Lucene search
K

5 matches found

RedHat Linux
RedHat Linux
added 2026/06/22 10:59 a.m.26 views

kernel: can: isotp: fix tx.buf use-after-free in isotp_sendmsg()

A flaw was found in the Linux kernel's Controller Area Network CAN ISO-TP isotp module. This vulnerability, known as a use-after-free, occurs when the system attempts to free a memory region while it is still being used. A local attacker could trigger this condition by sending a signal that...

7.8CVSS7AI score0.00104EPSS
Exploits0References5
CVE
CVE
added 2026/05/01 12:0 a.m.14 views

CVE-2026-37535

OpenXC isotp-c (up to commit 5a5d19245f65189202719321facd49ce6f5d46ac, 2021-08-09) contains an out-of-bounds read in the ISO-TP Single Frame receive handler. The 4‑bit payload length nibble is used directly as the memcpy size without validating it against the actual CAN data length. A malicious C...

7.1CVSS5.8AI score0.00205EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/01 12:0 a.m.29 views

CVE-2026-37535

openxc/isotp-c thru commit 5a5d19245f65189202719321facd49ce6f5d46ac 2021-08-09 contains an out-of-bounds read in the ISO-TP Single Frame receive handler, where the 4-bit payload length nibble is used directly as the memcpy size without validating it against the actual CAN data length. A malicious...

7.1CVSS0.00205EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/01 12:0 a.m.4 views

CVE-2026-37535

openxc/isotp-c thru commit 5a5d19245f65189202719321facd49ce6f5d46ac 2021-08-09 contains an out-of-bounds read in the ISO-TP Single Frame receive handler, where the 4-bit payload length nibble is used directly as the memcpy size without validating it against the actual CAN data length. A malicious...

7.1CVSS5.8AI score0.00205EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/22 6:26 p.m.5 views

CVE-2026-31474

A flaw was found in the Linux kernel's Controller Area Network CAN ISO-TP isotp module. This vulnerability, known as a use-after-free, occurs when the system attempts to free a memory region while it is still being used. A local attacker could trigger this condition by sending a signal that...

7.8CVSS5.8AI score0.00104EPSS
Exploits0References4
Rows per page
Query Builder